[K12OSN] pam_mount
Nathan Sinton
nsinton at gmail.com
Mon Mar 14 20:11:40 UTC 2005
I'm having a problem with pam_mount. I've got a linux box logging
into my Win 2003 domain but I want to have the user's home directories
mounted/unmounted automatically. I installed pam_mount using yum and
have it configured like this:
/etc/security/pam_mount.conf
debug 1
mkmountpoint 1
options_require nosuid,nodev
lsof /usr/sbin/lsof
fsck /sbin/fsck
losetup /sbin/losetup
unlosetup /sbin/losetup -d
smbmount /bin/mount -t cifs
umount /usr/bin/smbumount
volume * smb raid & /u/&
uid=&,gid=&,dmask=0777,nodev,suid,workgroup=LCHSCOMPLAB - -
/etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore]
/lib/security/$ISA/pam_winbind.so
account required /lib/security/$ISA/pam_permit.so
auth required /lib/security/$ISA/pam_mount.so use_first_pass
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_winbind.so use_authtok
password required /lib/security/$ISA/pam_deny.so
#session required /lib/security/pam_mkhomedir.so
skel=/etc/skel/ umask=077
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_mount.so
/etc/pam.d/login
#%PAM-1.0
auth required pam_securetty.so
auth sufficient /lib/security/pam_winbind.so use_first_pass
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
account sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_mount.so use_first_pass
password required pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_stack.so service=system-auth
session optional pam_console.so
# pam_selinux.so open should be the last session rule
session required pam_selinux.so multiple open
session optional /lib/security/pam_mount.so
I'm just trying to get a text console logon to work first and then
I'll move on to gdm.
In my /var/log/messages I've got a few weird things.
Mar 14 13:00:01 bungelab2020 pam_winbind[4497]: Could not retrieve
user's password
Mar 14 13:00:04 bungelab2020 login[24561]: pam_mount: command: mount -t cifs
Mar 14 13:00:04 bungelab2020 login[4497]: pam_mount: mount errors
(should be empty):
Mar 14 13:00:04 bungelab2020 login[4497]: pam_mount: pam_mount:
command: mount -t cifs
Mar 14 13:00:05 bungelab2020 -- nathansinton[4497]: LOGIN ON tty2 BY
nathansinton
I don't know about the pam_winbind error because it lets me login and
does fail if the password is incorrect. I think that the problem is
that pam_mount isn't passing the right options to the mount command.
I think that what it shows as the mount command is what it is actually
running.
any help would be greatly appreciated!
-Nathan
More information about the K12OSN
mailing list